diff --git a/src/bayou.rs b/src/bayou.rs
index b784ced..97281cd 100644
--- a/src/bayou.rs
+++ b/src/bayou.rs
@@ -6,14 +6,13 @@ use serde::{Deserialize, Serialize};
 use tokio::io::AsyncReadExt;
 
 use k2v_client::{BatchDeleteOp, BatchReadOp, Filter, K2vClient, K2vValue};
-use rusoto_core::HttpClient;
-use rusoto_credential::{AwsCredentials, StaticProvider};
 use rusoto_s3::{
     DeleteObjectRequest, GetObjectRequest, ListObjectsV2Request, PutObjectRequest, S3Client, S3,
 };
 use rusoto_signature::Region;
 
 use crate::cryptoblob::*;
+use crate::login::Credentials;
 use crate::time::now_msec;
 
 const SAVE_STATE_EVERY: usize = 64;
@@ -58,26 +57,18 @@ pub struct Bayou<S: BayouState> {
 
 impl<S: BayouState> Bayou<S> {
     pub fn new(
-        creds: AwsCredentials,
-        k2v_region: Region,
-        s3_region: Region,
-        bucket: String,
+        k2v_region: &Region,
+        s3_region: &Region,
+        creds: &Credentials,
         path: String,
-        key: Key,
     ) -> Result<Self> {
-        let k2v_client = K2vClient::new(k2v_region, bucket.clone(), creds.clone(), None)?;
-        let static_creds = StaticProvider::new(
-            creds.aws_access_key_id().to_string(),
-            creds.aws_secret_access_key().to_string(),
-            creds.token().clone(),
-            None,
-        );
-        let s3_client = S3Client::new_with(HttpClient::new()?, static_creds, s3_region);
+        let k2v_client = creds.k2v_client(k2v_region)?;
+        let s3_client = creds.s3_client(s3_region)?;
 
         Ok(Self {
-            bucket,
+            bucket: creds.bucket.clone(),
             path,
-            key,
+            key: creds.master_key.clone(),
             k2v: k2v_client,
             s3: s3_client,
             checkpoint: (Timestamp::zero(), S::default()),
diff --git a/src/login/mod.rs b/src/login/mod.rs
index 5637e8a..0845371 100644
--- a/src/login/mod.rs
+++ b/src/login/mod.rs
@@ -3,9 +3,19 @@ pub mod static_provider;
 
 use anyhow::Result;
 use async_trait::async_trait;
+use k2v_client::K2vClient;
+use rusoto_core::HttpClient;
+use rusoto_credential::{AwsCredentials, StaticProvider};
+use rusoto_s3::S3Client;
+use rusoto_signature::Region;
 
 use crate::cryptoblob::Key as SymmetricKey;
 
+#[async_trait]
+pub trait LoginProvider {
+    async fn login(&self, username: &str, password: &str) -> Result<Credentials>;
+}
+
 #[derive(Clone, Debug)]
 pub struct Credentials {
     pub aws_access_key_id: String,
@@ -14,7 +24,33 @@ pub struct Credentials {
     pub master_key: SymmetricKey,
 }
 
-#[async_trait]
-pub trait LoginProvider {
-    async fn login(&self, username: &str, password: &str) -> Result<Credentials>;
+impl Credentials {
+    pub fn k2v_client(&self, k2v_region: &Region) -> Result<K2vClient> {
+        let aws_creds = AwsCredentials::new(
+            self.aws_access_key_id.clone(),
+            self.aws_secret_access_key.clone(),
+            None,
+            None,
+        );
+
+        Ok(K2vClient::new(
+            k2v_region.clone(),
+            self.bucket.clone(),
+            aws_creds,
+            None,
+        )?)
+    }
+
+    pub fn s3_client(&self, s3_region: &Region) -> Result<S3Client> {
+        let aws_creds_provider = StaticProvider::new_minimal(
+            self.aws_access_key_id.clone(),
+            self.aws_secret_access_key.clone(),
+        );
+
+        Ok(S3Client::new_with(
+            HttpClient::new()?,
+            aws_creds_provider,
+            s3_region.clone(),
+        ))
+    }
 }
diff --git a/src/mailbox.rs b/src/mailbox.rs
index 8e50b80..d997691 100644
--- a/src/mailbox.rs
+++ b/src/mailbox.rs
@@ -1,8 +1,6 @@
 use anyhow::Result;
 use k2v_client::K2vClient;
 use rand::prelude::*;
-use rusoto_core::HttpClient;
-use rusoto_credential::{ProvideAwsCredentials, StaticProvider};
 use rusoto_s3::S3Client;
 use rusoto_signature::Region;
 
@@ -24,33 +22,19 @@ pub struct Mailbox {
 
 impl Mailbox {
     pub async fn new(
-        k2v_region: Region,
-        s3_region: Region,
-        creds: Credentials,
+        k2v_region: &Region,
+        s3_region: &Region,
+        creds: &Credentials,
         name: String,
     ) -> Result<Self> {
-        let aws_creds_provider =
-            StaticProvider::new_minimal(creds.aws_access_key_id, creds.aws_secret_access_key);
-        let aws_creds = aws_creds_provider.credentials().await?;
-
-        let uid_index = Bayou::<UidIndex>::new(
-            aws_creds.clone(),
-            k2v_region.clone(),
-            s3_region.clone(),
-            creds.bucket.clone(),
-            name.clone(),
-            creds.master_key.clone(),
-        )?;
-
-        let k2v_client = K2vClient::new(k2v_region, creds.bucket.clone(), aws_creds, None)?;
-        let s3_client = S3Client::new_with(HttpClient::new()?, aws_creds_provider, s3_region);
+        let uid_index = Bayou::<UidIndex>::new(k2v_region, s3_region, creds, name.clone())?;
 
         Ok(Self {
-            bucket: creds.bucket,
+            bucket: creds.bucket.clone(),
             name,
-            key: creds.master_key,
-            k2v: k2v_client,
-            s3: s3_client,
+            key: creds.master_key.clone(),
+            k2v: creds.k2v_client(&k2v_region)?,
+            s3: creds.s3_client(&s3_region)?,
             uid_index,
         })
     }
diff --git a/src/main.rs b/src/main.rs
index 16eafc4..40dfbb8 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -64,9 +64,9 @@ impl Main {
         let creds = self.login_provider.login("lx", "plop").await?;
 
         let mut mailbox = Mailbox::new(
-            self.k2v_region.clone(),
-            self.s3_region.clone(),
-            creds.clone(),
+            &self.k2v_region,
+            &self.s3_region,
+            &creds,
             "TestMailbox".to_string(),
         )
         .await?;